New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
"gcannon" ddos ??
Hi,
So one of my servers was shut down (and I was asked to find a new provider) due to DDoS, layer 7, they say "gcannon."
Never heard of it. They say it was powerful, it caused big issues for other customers. They said it was over 2 million "requests per second" from "over 5,000 unique IP addresses".
Has anyone heard of it or know how to stop it? I couldn't find anything googling.
Comments
Possibly this: http://www.pcworld.com/article/2908912/chinas-great-cannon-ddos-tool-enforces-internet-censorship.html
Did you piss off China perhaps?
They are referring to China's "Great Cannon".
You can't "stop" it, you will have to find suitable Layer 7 mitigation that will be willing to mitigate if what they say is true, 2 million req/s. It won't be cheap.
What do you host to be attacked by Chinese F. Government?
Everyone, it's time to encrypt
edit:
Fuck you @jbiloh and @mpkossen when are we getting HTTPS!!!!
I asked the old provider, they say there's no Chinese traffic on the box, they list countries:
USA, CANADA, UK, AUSTRALIA, GERMANY, RUSSIA, LUXEMBOURG, BRAZIL, ARGENTINA, SPAIN
Did you read the article I linked?
The traffic would come from other countries if it was gcannon. What are you hosting on the server??
Yes, and I am hosting 4 API servers, 2 WP blogs, 1 node.js blog.
Any of those have any content about China?
Mmmm, change your origin IP then go Cloudflare with "I am under attack mode".
@HRxM2 Most Argentinians do have their home PC infected and are very naive
Block China IPs you win they win
Did you actually bother to read the thread?
OVH and then rate limit requests per IP with nginx?
IPs can be spoofed easily. Am sure OVH or Voxility can handle any of them.
It will be better to rate limit with OpenLiteSpeed
Can easily set per client, for example, 16 static requests but only 1 dynamic + connections soft/hard limit + per-client max bandwidth + grace period + longer ban period
Chinese internet users are always victims.
No sir, no China-related content.
After days of searching, I believe I found what it is. I talked to a friend, he says "variant of WP-XMLRPC/JOOMLA attack, it's using a (currently) unknown attack vector and amplification method like none other for layer 7 attacks. We've seen a few strains of this hanging around hitting customers offline, it's a very difficult one to block since all the requests appear 100% legitimate, no invalid headers, no randomization, nothing. They appear as regular computers which we believe aren't infected with any malware at all."
Does anyone know what it means?
Are you running the newest version of WordPress / Joomla?
What plugins do you have installed? Have you looked to make sure they are safe?
Have you tried nulling xmlrpc via a deny access?
Not vulnerable. No vulnerable plugins. I checked already. He says incoming attack, no outgoing. Er, how to say, "no unique signature".
Does this help? https://wordpress.org/support/topic/delete-xmlrpcphp
No, it's not using xmlrpc, he says variant but more advanced (read above pls)
Hire someone, as in your previous statement you made note of the attack using xmlrpc and now you are saying that it isn't using that attack.
"he says "variant of WP-XMLRPC/JOOMLA attack""
Who do you recommend to hire? And yes, he says this, I try to write properly in English. First language not English, sorry if mistake.
X4B
Can you give me a sample of the IPs that are hitting your server?
Access log, here are some:
153.208.54.12, 88.42.55.10, 198.43.55.62, 67.41.53.45, 76.43.55.84
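
The origin-side suggestions made in the thread (rate limit requests per IP with nginx, give static requests a looser limit than dynamic ones, cap connections and bandwidth, deny access to xmlrpc.php) can be combined as in the following added example, which is not from any poster in the thread. The zone names, the backend address, the document root, the burst values and the reading of "16 static / 1 dynamic" as per-second rates are assumptions.

```nginx
# Added example, not from the thread. Rates, zone names and the backend
# address are assumptions; tune them against normal traffic first.
events {}

http {
    # Per-IP request buckets, keyed on the client address.
    # "16 static / 1 dynamic" comes from the thread; reading it as
    # "per second" is an assumption.
    limit_req_zone  $binary_remote_addr zone=static_per_ip:20m  rate=16r/s;
    limit_req_zone  $binary_remote_addr zone=dynamic_per_ip:20m rate=1r/s;
    # Per-IP concurrent connection counter.
    limit_conn_zone $binary_remote_addr zone=conn_per_ip:20m;

    # Answer rejected requests with 429 and log them, so an external
    # tool can turn repeat offenders into longer firewall bans
    # (nginx itself has no ban period).
    limit_req_status    429;
    limit_conn_status   429;
    limit_req_log_level warn;

    server {
        listen 80;
        server_name example.invalid;   # placeholder

        limit_conn conn_per_ip 20;     # hard cap on connections per IP
        limit_rate 512k;               # bandwidth cap, per connection

        # "Nulling" xmlrpc.php: exact match, refused before any PHP runs.
        location = /xmlrpc.php {
            deny all;
        }

        # Static assets: generous bucket with a short burst allowance.
        location ~* \.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)$ {
            limit_req zone=static_per_ip burst=32 nodelay;
            root /var/www/html;        # assumed document root
        }

        # Everything else is treated as dynamic and limited hard.
        location / {
            limit_req zone=dynamic_per_ip burst=5 nodelay;
            proxy_pass http://127.0.0.1:8080;   # assumed app backend
        }
    }
}
```

Per-IP limits like these protect the application behind nginx, not the uplink: the server still has to accept every connection before it can reject the request, so a flood of the size reported in the thread has to be absorbed upstream first.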